Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure? Do you have an accounting of all information stored, including backups and archived data?

Have you completed a privacy and security audit of all data collection activities, including cloud and outsourced services?

Are you prepared to communicate the breach to customers, partners and stockholders?

Do you have readily available access codes and credentials to critical systems in the event key staff are not available or incapacitated?

Are employees trained and prepared to notify management in case of accidental data loss or a malicious attack? Are employees reluctant to report such incidents for fear of disciplinary action or termination?

Do you have a privacy review and audit system in place for all data collection activities, including that of third-party service providers? Have you taken necessary or reasonable steps to protect users' confidential data?

Do you review the plan on a regular basis to make sure it reflects key changes? Do key staff members have hard copies of the plan readily accessible in their offices and homes?